From owner-java@jp.FreeBSD.org Wed Sep 11 05:31:05 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g8AKV5B49705;
	Wed, 11 Sep 2002 05:31:05 +0900 (JST)
	(envelope-from owner-java@jp.FreeBSD.org)
Received: from pooh.softalia.com (pooh.softalia.com [65.161.202.173])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id g8AKV3349694
	for <java@jp.FreeBSD.org>; Wed, 11 Sep 2002 05:31:03 +0900 (JST)
	(envelope-from kkonaka@softalia.com)
Received: from tigger.softalia.com (tigger.softalia.com [65.161.202.175])
	by pooh.softalia.com (8.9.3+Sun/3.7W-isfs) with ESMTP id QAA00848;
	Tue, 10 Sep 2002 16:30:54 -0400 (EDT)
Received: from tigger.softalia.com (kkonaka@tigger.softalia.com [65.161.202.175])
	by tigger.softalia.com (8.11.4/3.7W-isfs) with ESMTP id g8AKUsZ25515;
	Tue, 10 Sep 2002 16:30:54 -0400
Message-ID: <sqb8z29bnau.wl@nue.mac.com>
From: kkonaka@mac.com
To: java@jp.FreeBSD.org
In-Reply-To: <20020910.140922.304093457.shudoh@localhost>
References: <20020909165608.3844b00e.daichi@jp.freebsd.org>
	<sqbznurnwn9.wl@nue.mac.com>
	<20020909222653.4eb24728.daichi@jp.freebsd.org>
	<20020910.140922.304093457.shudoh@localhost>
User-Agent: Wanderlust/2.6.0 (Twist And Shout) SEMI/1.14.3 (Ushinoya)
 FLIM/1.14.3 (=?ISO-8859-4?Q?Unebigory=F2mae?=) APEL/10.3 Emacs/20.7
 (i586-pc-linux-gnu) MULE/4.0 (HANANOEN)
MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya")
Content-Type: text/plain; charset=ISO-2022-JP
Reply-To: java@jp.FreeBSD.org
Precedence: list
Date: Tue, 10 Sep 2002 16:30:01 -0400
X-Sequence: java 225
Subject: [java 225] Re: On controlling Japanese input in Java
Errors-To: owner-java@jp.FreeBSD.org
Sender: owner-java@jp.FreeBSD.org
X-Originator: kkonaka@mac.com
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020902

>   Setting the accessible flag in a reflected object permits
>   sophisticated applications with sufficient privilege,
>   such as Java Object Serialization or other persistence mechanisms,
>   to manipulate objects in a manner that would normally be prohibited.
> 
> object serialization $B$N$?$a!"$J$s$8$c$J$$$G$7$g$&$+!#(B

jdk $B$N%=!<%9$NCf$r(B 'setAccessible(' $B$G%5!<%A$9$k$H(B
serialization $B$OBg8}%f!<%6!<$N$R$H$D!JB>$O(B java.security$B!K(B
$B$H$$$&$N$O$"$C$F$=$&$G$9$M!#(B

By the way, among the things I found a while back, there is this:

--
import sun.misc.Unsafe;

// Must be loaded by the boot class loader; otherwise Unsafe.getUnsafe()
// throws SecurityException.
public class PeekPoke {
  public static void main(String[] args) throws Exception {
    Unsafe s = Unsafe.getUnsafe();
    long address = Long.parseLong(args[0]); // raw native memory address
    s.putLong(address, Long.parseLong(args[1])); // poke: write a long
    System.out.println(s.getLong(address));      // peek: read it back
  }
}
--

jdk 1.4 $B$K$J$C$F(B serialization - reflection $B$,$O$d$/$J$C(B
$B$?$N$O<g$K!">e$r!"(Bsun.reflect.* $B$"$?$j$N%/%i%9$,;H$&$h(B
$B$&$K(B($B$b$H$O(B JNI $B%Y!<%9(B)$B=q$-49$($7$?$+$i(B - $B$H>!<j$K;W$$(B
$B9~$s$G$$$k$N$G$9$,(B $B$5$F!)(B :)


$B$3$J$+(B
